MITREid versions 1.3.3 and below suffer from a cross site scripting vulnerability.
4af01c468a0b4372b4ec0d37a9c3cbb6
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing functionality used by the Routing and Remote Access service. The issue results from the lack of proper permissions on registry keys that control this functionality. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.
10f155214b43543ed6228cacf1da3f77
qdPM versions prior to 9.1 suffer from a remote shell upload vulnerability that allows for remote code execution.
df9b1db93b79b6c69b0ccf3415728a46
This whitepaper is a study that gives an overview about what methodology a hacker uses to hack into a system, discusses a theft of millions from the central bank of Bangladesh, and more.
3ef7c0115d20d15b6ae83d2c02bfe8bc
Nimsoft nimcontroller version 7.80 suffers from an unauthenticated remote code execution vulnerability.
191766a5277a4253e369b17103b4ba2c
SerialTweaker is a tool that can be used to load a serialized object, change its contents, and reserialize it to a new serialized object with modified fields inside.
d914f07f0f241842bdd179051467fe46
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
e468b78e1176e0212b13ef809f59dcbb
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.
c570719350c921b2c7becfe0e4ee9922
Red Hat Security Advisory 2020-0637-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite 5.8 on Red Hat Enterprise Linux 6.
8505779ac008b90ba2e38343b215dc69
Red Hat Security Advisory 2020-0638-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite Proxy 5.8 on Red Hat Enterprise Linux 6.
d6be3faa418a6e10be9d297a2d90a45b
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
000cc50f337b9153c743fedc3c178d54
Chrome suffers from a heap use-after-free vulnerability in DesktopMediaPickerController::WebContentsDestroyed.
696153f1a945a02c625d23a13667f869
This function, reached through ioctl VS4L_VERTEXIOC_QBUF in the Samsung kernel, has an error case that cannot function correctly. It reads in an array of pointers from userspace and in-place replaces each userspace pointer with a kernel pointer allocated with kzalloc(). Unfortunately, in the error case it will iterate over all the pointers in the array (regardless of how many, if any, were converted to kernel pointers) and call kfree() on each of them. Thus, all it takes to call kfree() on an arbitrary number of controlled pointers is to make the second copy_from_user() fail after successfully copying in the desired number of pointers to free.
05651491fa9a6c8a32c0a6dc538ee2f3
Red Hat Security Advisory 2020-0632-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
af6adb72a6bf7fc35ce5c81cb8c0ad34
Red Hat Security Advisory 2020-0638-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite Proxy 5.8 on Red Hat Enterprise Linux 6.
d6be3faa418a6e10be9d297a2d90a45b
XNU suffers from a use-after-free vulnerability in tcp_input.
5109da3d6da1dda43fca2c712bf5f5a2
Red Hat Security Advisory 2020-0634-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.
6c18d79e6baafe4b7b430b7686798a16
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
4b03d210881221c0ea06cd9e4caf0f35
Red Hat Security Advisory 2020-0631-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.
6285ebc751d08f8d9c98997f39b3ca0d
Red Hat Security Advisory 2020-0633-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.
c6c11c080987f7a4be2599acc6575436
In the Samsung kernel, the /dev/hdcp2 device ioctls seem to implement no locking, leading to multiple exploitable race conditions. For example, you can open a session with the HDCP_IOC_SESSION_OPEN ioctl, and then close it in multiple threads in parallel with the HDCP_IOC_SESSION_CLOSE. Since no locking is implemented in hdcp_session_close(), memory will be corrupted and the system will become unstable.
d4c16edeb7e9bb6b2a66c4a9bfe48796
The function __vipx_ioctl_put_container() in the Samsung kernel calls copy_to_user() on a vs4l_container_list structure that contains a kernel pointer, exposing that kernel pointer to userspace just before it gets passed to kfree().
4d763dd7a0edc38113e6a84e2a16619c
Red Hat Security Advisory 2020-0526-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue where /etc/passwd was given incorrect privileges has been addressed.
5aefe9f768193d95b9edcdf6975f9ad7
Red Hat Security Advisory 2020-0630-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.
ef5027fdb910dbc4fc3b4c7bea90fa6f
Comtrend VR-3033 suffers from a command injection vulnerability.
1068034443ae0a1d32707c90982e884d